On-line shopping offers unprecedented ease and convenience for consumers, while enabling merchants to reduce costs and obtain new customers. However, many consumers have been reluctant to take advantage of these benefits due to fear of theft of sensitive information such as credit card numbers. Efforts have been made to increase the security of such information. For example, in the secure socket layer (SSL) technique, messages sent between the consumer and the merchant are encrypted, thereby making it more difficult for a third party to intercept and use the information. However, this method does not provide the merchant with any verification of the identity of the consumer. Accordingly, if a third party were to obtain a credit card number by other fraudulent means such as theft of physical credit card, the SSL method would not prevent the third party from fraudulently using the stolen information.
Secure Electronic Transaction (SET™) techniques attempt to solve the foregoing problems by using digital certificates to authenticate the consumer/account holder, the merchant, and the credit card issuer. Each certificate is issued by a trusted certificate authority. While SET™ is currently the most secure way to handle payments over the Internet, it requires digital certificates and cryptographic software to be installed and operated on the account holder's computer.
In fact, most prior art secure electronic commerce systems require consumers to install special software on their computers. Yet, many consumers are reluctant to install such software and, in any case, a specialized account holder application may not be compatible with a wide variety of account holder access devices—e.g., personal computers, personal digital assistants, and mobile communication devices such as mobile telephones. As a result, it has been difficult for some secure electronic commerce systems to gain widespread acceptance among consumers.
Similar security concerns apply for more conventional transactions conducted via telephone. Transactions conducted by telephone generally do not provide a merchant with any verification of the identity of the purchaser. Accordingly, if a third party were to obtain a credit card number by fraudulent means such as theft of a physical credit card, the above-described methods would be likewise ineffective in preventing unauthorized transactions using the stolen credit card.
Systems have been implemented wherein a telephone call is placed to the consumer before processing the transaction to verify the consumer's authorization of payment. However, these systems cannot confirm the identity of the party answering the call and giving the spoken authorization. A third party who obtains a credit card number by fraudulent means may also provide telephone contact information different from that of the true Cardholder, such that the telephone call will be placed to the fraudulent third party or yet another fraudulent third party. Moreover, these systems suffer from additional disadvantages in that they require live operator interaction and are accordingly slower, less cost-effective and generally inefficient.